89 lines
3.1 KiB
YAML
89 lines
3.1 KiB
YAML
- include_vars: snmp_users.yml
|
|
|
|
- name: server | snmpd | install package
|
|
package:
|
|
name: "{{ snmpd_package }}"
|
|
state: present
|
|
|
|
- name: server | snmpd | install sudoers file
|
|
copy:
|
|
dest: "/etc/sudoers.d/10-debian-snmp"
|
|
src: "sudoers"
|
|
owner: "root"
|
|
group: "root"
|
|
mode: "0660"
|
|
validate: "visudo -cf %s"
|
|
when: ansible_distribution in ["Debian", "Ubuntu"]
|
|
|
|
- name: server | snmpd | insert anchors to snmpd.conf
|
|
blockinfile:
|
|
path: "{{ snmpd_conf }}"
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK" # not required. The marker line template. C({mark}) will be replaced with the values C(in marker_begin) (default="BEGIN") and C(marker_end) (default="END"). Using a custom marker without the C({mark}) variable may result in the block being repeatedly inserted on subsequent playbook runs.
|
|
block: |
|
|
################################################################################
|
|
# SECTION: custom settings
|
|
|
|
- name: server | snmpd | stop service
|
|
service:
|
|
name: "snmpd"
|
|
state: stopped
|
|
|
|
- name: server | snmpd | setup monitoring user SNMPv3
|
|
lineinfile:
|
|
path: "{{ snmpd_user_file }}"
|
|
line: "createuser {{ snmp_user }} {{ snmp_auth_proto }} {{ snmp_auth_pass }} {{ snmp_priv_proto }} {{ snmp_priv_pass }}"
|
|
|
|
- name: server | snmpd | setup ACLs
|
|
lineinfile:
|
|
path: "{{ snmpd_conf }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
|
|
line: "rouser {{ snmp_user }} authpriv"
|
|
insertafter: "# SECTION: custom settings"
|
|
|
|
- name: server | snmpd | enable service on wireguard interface
|
|
lineinfile:
|
|
path: "{{ snmpd_conf }}"
|
|
regexp: "^agentaddress.*$"
|
|
state: present
|
|
line: "agentaddress 127.0.0.1,{{ wg_local_ip | ipaddr('address') }},[::1]"
|
|
when: wg_local_ip is defined
|
|
|
|
- name: server | snmpd | enable service on all interfaces
|
|
lineinfile:
|
|
path: "{{ snmpd_conf }}"
|
|
regexp: "^agentaddress.*$"
|
|
state: present
|
|
line: "agentaddress udp:161,udp6:[::1]:161"
|
|
when: wg_local_ip is not defined
|
|
|
|
- name: server | snmpd | copy distro script
|
|
copy:
|
|
dest: "/etc/snmp/distro/"
|
|
src: "distro"
|
|
mode: "0755"
|
|
|
|
- name: server | snmpd | get os-updates script
|
|
get_url:
|
|
url: "https://raw.githubusercontent.com/librenms/librenms-agent/master/snmp/osupdate"
|
|
dest: "/etc/snmp/osupdate"
|
|
mode: "0755"
|
|
owner: "root"
|
|
group: "root"
|
|
|
|
- name: server | snmpd | configure extends
|
|
lineinfile:
|
|
path: "{{ snmpd_conf }}"
|
|
state: present
|
|
line: "extend {{ item.service }} '{{ item.script }}'"
|
|
insertafter: "# SECTION: custom settings"
|
|
loop:
|
|
- { service: "distro", script: "{{ sudo }} /etc/snmp/distro" }
|
|
- { service: "osupdate", script: "{{ sudo }} /etc/snmp/osupdate" }
|
|
- { service: "hardware", script: "/bin/cat /sys/devices/virtual/dmi/id/product_name" }
|
|
- { service: "manufacturer", script: "/bin/cat /sys/devices/virtual/dmi/id/sys_vendor" }
|
|
- { service: "serial", script: "/bin/cat /sys/devices/virtual/dmi/id/product_serial" }
|
|
|
|
- name: server | snmpd start service
|
|
service:
|
|
name: "snmpd"
|
|
state: started
|